Use FileAudit Plus to swiftly detect threats
and automatically respond to incidents

Shut down infected devices to instantly halt the spread of ransomware.

View in-depth details of events for further investigation.

Get a free tutorial on
how to track and shutdownransomware

Loading...

Thanks for reaching out, our team will contact you shortly.

Detect and respond toransomware
with FileAudit Plus

FileAudit Plus is a real-time change monitoring and alerting tool for Windows file systems. Since it uses dedicated agents to monitor files continuously, FileAudit Plus has the ability to detect file changes the very instant they happen. This tool offers two important features which play a critical role in detecting and responding to ransomware attacks successfully: mass access alerts and automatic alert responses. Using these two features, FileAudit Plus significantly reduces the time it takes to detect and respond to a ransomware attack. In fact, it automatically responds as soon as it detects the signs of a ransomware-type compromise. In doing so, it completely removes the need for human intervention, which is often slow and unsuccessful when pitted against ransomware attacks.

Mass access alerts:

When an encryption attack is underway, the ransomware accesses and modifies an unusually large number of files in a short period of time. FileAudit Plus can be configured to monitor the frequency of file modifications by a user, and to alert whenever the number of modifications crosses a specified threshold within a specified time period. Given its real-time event monitoring capability, FileAudit Plus' threshold-based alerts are triggered as soon as the ransomware starts its encryption exercise. Alerts also indicate the username, source, date, and time of the security breach, and other alert parameters, paving the way for further investigation.

Automatic alert response:

FileAudit Plus allows you to configure a predetermined response to an alert. In other words, you can program the tool to take a specified action when a certain alert is triggered, effectively enabling you to automate the incident response. FileAudit Plus has a built-in ransomware alert response, which locks down the infected device, thereby stopping the spread of ransomware to network storage or other systems and preventing the attacker from causing any further damage. Additionally, you can also set up your own automated alert responses, through the execution of a batch file, to respond to mass access alerts automatically.

Understanding ransomware

Ransomware is malicious software that blocks access to data by encrypting files. Once the files are encrypted, hackers demand victims pay a ransom in order to regain access to their files.

There are a number of ways ransomware attacks are initiated.The most common attack vector is a phishing email that appears to be legitimate, tricking the victim into clicking on a link or opening an attachment. Victims might also be lured into visiting a malicious website and downloading the ransomware executable.

Once the attack is initiated and the data is encrypted, there are two options to recover data. Victims can pay the ransom, but that doesn't guarantee their files will be decrypted. They can also restore their data using a backup, but potentially vital data not included in the last backup will be lost.